U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Publish Date: 2026-05-24 04:07:00
Source Domain: securityaffairs.com
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini
May 24, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. Exploitation attempts started almost immediately, and within 48 hours, security firms were tracking thousands of attacks in the wild.
The vulnerability sits in an API designed to sanitize database queries and prevent SQL injection. A flaw in that API means an attacker can send specially crafted requests and inject arbitrary SQL commands on sites using PostgreSQL. As Drupal put it in its advisory.
“A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases. This can lead to information disclosure, and in some cases privilege escalation, remote code execution, or other attacks.” reads the advisory. “This vulnerability can be exploited by anonymous users.”
The result can range from information disclosure to privilege escalation and, in some configurations, remote code execution.
The advisory for CVE-2026-9082 was updated on May 22, two days after the patch released, with a detail that confirmed what many had already suspected:
“The risk score has been updated to reflect that exploit attempts are now being detected in the wild.” reads the updated advisory.
Imperva observed more than 15,000 exploitation attempts…
